1

I am trying to create a filter for a table using a "To" and "From" date range filter for a MySQL table. I cannot get the selected dates to query the information.

Only display data if the dates are selected. If the dates are null input fields, the table should display all rows and data.

Table: 

    | Username | Full Name | Manager  | Review Date | Total Score |
    |-------------------------------------------------------------|
    | sjohn    | John Smith| John Dow | 2015-01-31  |    80%      |
    | sjane    | Jane Smith| John Dow | 2015-02-01  |    80%      |
    | jmike    | Mike Dow  | Jane Dow | 2015-02-02  |    75%      |
    | dmia     | Mia Dow   | Rob Smith| 2015-02-10  |    90%      |

If I create a form with input fields, I would like to query the table by "fromDate" and "toDate" dates using the Review Date Column.

Problem: For some reason, the variables are not storing, or passing through the SQL statement. 

<form action="eerevuiew.php" method="POST">
<label for="from">From</label> 
<input type="text" id="datepicker" name="fromDate"/> 
<label for="to">to</label> 
<input type="text" id="datepicker2" name="toDate"/> 
<input name="" type="submit" /> 
</form>

<?php
$min = intval($_POST['fromDate']);
$max = intval($_POST['toDate']);
?> 

<?php

$con = mysqli_connect('localhost','root','123456','employeescore');
if (!$con) {
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"employeescore");
$sql="SELECT * FROM vwscore WHERE reviewdate BETWEEN '".$min."' AND '".$max."'";
$result = mysqli_query($con,$sql);
?>



<?php
echo "<table border='1'>
<tr>
<th>Username</th>
<th>Full Name</th>
<th>Manager</th>
<th>Review Date</th>
<th>Total Score</th>
</tr>";

while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['display_name'] . "</td>";
echo "<td>" . $row['manager'] . "</td>";
echo "<td>" . $row['reviewdate'] . "</td>";
echo "<td>" . $row['total_score'] . "</td>";
echo "</tr>";
}
echo "</table>"; 
?>

I am using a jQuery Function for the datepicker.

Thanks for all your help!

Improve this question
9
  • What are the values you get in min and max? You shouldn't trust user input and use an escape method before using those values in your SQL! Commented Feb 18, 2015 at 20:16
  • Hi, the values are enter are from the a datapicker. Ex. 2015-01-01 And 2015-02-01. Only if I select the values from the calendar datepicker. I hope this makes sense. Thanks Commented Feb 18, 2015 at 20:24
  • I understand that but what are the actual values you got in $min in $max when you print them? Commented Feb 18, 2015 at 20:25
  • yyyy-mm-dd. It looks like it matches the format. Sorry for not being clear. Commented Feb 18, 2015 at 20:26
  • The line "mysqli_select_db($con,"employeescore"); " is unnecessary because employeescore is defined within mysqli_connect. See php.net/manual/en/mysqli.select-db.php Commented Feb 18, 2015 at 20:29

2 Answers 2

Reset to default
0

Some information that may help you...

  1. You should check if the POST-parameters exist and maybe also if they aren't empty. If anything like this is the case, all rows could be returned by the query. I think this is what you mean with:

If the dates are null input fields, the table should display all rows and data.

  1. I don't get why you are using the intval()-function. It seems that your dates got the format yyyy-mm-dd. intval() will try its best to get a valid number from that. This will probably convert '2015-02-01' to '2015' because intval() won't manage the dashes. The query will work fine if you use the format yyyy-mm-dd for dates.

  2. possible solution:

    $sql = "SELECT * FROM vwscore"; // Would display all rows
if(isset($_POST['fromDate']) && !empty($_POST['fromDate']) && isset($_POST['toDate']) && !empty($_POST['toDate'])){ // if both dates are set and not empty...
    $sql .= " WHERE reviewdate BETWEEN '".$_POST['fromDate']."' AND '".$_POST['toDate']."'"; // ...filter dates
}
$result = mysqli_query($con,$sql);

Important Notice: Mind that it is strongly recommended to escape user input even if you use a datepicker (mysqli_real_escape_string() should do it).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I was able to configure my code. I just followed the answer from the link provided. However, I will add the (mysqli_real_escape_string() to my coding. Answer to Question

Thanks again to all for all you help.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.